<?PHP
class User{
  public $name;
  public $role;
  public $id;

  function __construct(){
    $this->role = new Role();
    $this->role->load(1);
  }
  
  function login($name,$password){
    $password = $GLOBALS['db']->EscapeString(trim($password));
    if($this->checkPassword($password,trim($name))){
      $this->load(trim($name));
      return true;
    }
    else{
      return false;
    }
  }

  function checkPassword($password,$name){
    $password =$GLOBALS['db']->EscapeString(trim($password));
    $name = $GLOBALS['db']->EscapeString(trim($name));
    $count = $GLOBALS['db']->ReadField("SELECT COUNT(*) FROM {'dbprefix'}user WHERE 
                        name='".$name."' AND password = '".md5($password)."'");
    return $count == 1;
  }
  
  public function logout(){
     session_destroy();
  }
  
  function getAllUser(){
    $users = $GLOBALS['db']->ReadRows("SELECT * FROM {'dbprefix'}user ORDER by name");
    foreach($users as $user){
      $newUser = new User();
      $newUser->id   = $user->id;
      $newUser->name = $user->name;
      $newUser->role->load($user->role);
      $res[] = $newUser;
    }
    return $res;
  }

  function load($name){
    $name = $GLOBALS['db']->EscapeString(strtolower(trim($name)));
    $user = $GLOBALS['db']->ReadRow("SELECT * FROM {'dbprefix'}user WHERE name = '".$name."'");
    $this->id   = $user->id;
    $this->name = $user->name;
    $this->role->load($user->role);
  }

  function isGuest(){
    return $this->role->ID == 1;
  }

  function isAdmin(){
    return $this->role->ID == 2;
  }

  public function exists(){
    $name     = $GLOBALS['db']->EscapeString(strtolower(trim($this->name)));
    return $GLOBALS['db']->ReadField("SELECT COUNT(*) FROM {'dbprefix'}user WHERE 
                        name='".$name."'") > 0;
  }

  public function insert($password){
    $res = false;
    if($this->validate($password)){
      $name     = $GLOBALS['db']->EscapeString(strtolower(trim($this->name)));
      $role     = $GLOBALS['db']->EscapeString($this->role);
      $password = $GLOBALS['db']->EscapeString(md5($password));
      $res = $GLOBALS['db']->Execute("INSERT INTO {'dbprefix'}user (name, password, role) VALUES ('".$name."','".$password."','".$role."')");
      Cache::clear("tables","userlist");
    }
    return $res;
  }

  public function validate($password){
    $res = true;
    if($res) $res = trim($this->name) != "";
    if($res) $res = trim($this->role) != "";
    if($res) $res = trim($password) != "";
    if($res) $res = !$this->exists();
    return $res;
  }

  public function delete(){
    $res = false;
    if(!$this->equals($_SESSION['user'])){
      $id = $GLOBALS['db']->EscapeString(strtolower(trim($this->id)));
      $res = $GLOBALS['db']->Execute("DELETE FROM {'dbprefix'}user WHERE id = '".$id."'");
      Cache::clear("tables","userlist");
    }
    return $res;
  }

  public function equals(User $user){
    return $this->id == $user->id;
  }
}
?>